1.10 Security and Confidentiality of Data and Information 

Policy

Illinois State University has established the following policy to ensure the security, confidentiality, availability, and integrity of data and information stored by the University.

Faculty and staff (including student employees) who are granted access to data and information must preserve the security and confidentiality of the information they have access to and must abide by all applicable Federal and State laws and regulations, and University policies, and understand how these apply to their respective job functions. 

In addition, any employee who has access to any data or information, at a minimum:

1. Must use the data for University business purposes only.
2. Must follow any applicable laws, regulations, policies and procedures specific to their position.
3. May not make or permit unauthorized use of any such data or information.
4. May not seek personal benefit or permit others to benefit personally from any confidential information that has come to them by virtue of their work assignment.
5. May not exhibit or divulge the contents of any record or report to any person except in the conduct of their work assignment and in accordance with University and/or Department policies.
6. May not knowingly include or cause to be included in any record or report a false, inaccurate, or misleading entry.
7. May not remove any official record or report (or copy) from the office where it is kept except in performance of job responsibilities.
8. Must complete relevant information security training annually.

Further responsibilities with regard to information and data are detailed in:

• 3.1.29 Right of Access to Personnel Files
• 2.1.1 Student Records
• 1.13 Identity Protection (Use of Social Security Numbers)
• 7.1.5 Freedom of Information Act Implementation Rules
• 9.2 Policy in Appropriate Use (for technology resources)
• 9.8 Policy on Information Resource Access and Security

University Records

The University maintains information and data in a variety of forms. The primary Custodian of Records for the University is the President.  The President has delegated responsibility to the Vice President for Academic Affairs and Provost for all academic records; the Vice President for Finance and Planning for all general administrative and fiscal records; and the Vice President for University Advancement for all foundation and alumni records maintained in accordance with applicable standards.

The President and Vice Presidents further delegate the responsibility for defining, managing, and granting access to University records and data to various administrative “Data Custodians.” The Data Custodian for any set of University data is that person given executive responsibility for defining, managing, and granting access to any given set of University records, in paper or electronic form. A current list of key campus data custodians is found at The Office of General Counsel web site.

Questions concerning the University’s policy regarding release of information may be directed to the following:

• For general administrative and fiscal records, contact the Office of the Vice President for Finance and Planning.
• For all academic records, contact the Office of the Vice President for Academic Affairs and Provost.
• For requests of student’s transcripts or verifications, contact the Office of University Registrar.
• For employment records and verification, contact Human Resources.
• For subpoenas, court orders, or other legal documents, contact the Office of General Counsel.
• For Freedom of Information Act requests (refer to 7.1.5 Freedom of Information Act Implementation Rules), contact the Public Records Officer at 309-438-4319 or PublicRecords@IllinoisState.edu.

Violations

Violation of this policy may result in disciplinary action, up to and including termination of employment and/or disciplinary action under the Student Code of Conduct.